Reverse proxy (HAProxy) with permanent OpenVPN Tunnel



  • Hi Guys,

    I have some problems configuring HAProxy to use the OpenVPN tunnel I have. A bit of explanation:

    Interfaces:

    • LAN
    • WAN, connected to my cable modem DHCP
    • VPN, tunnel to hosting provider that hosts my domainname

    Because I want to have a fixed IP address on my domain name, I use the VPN tunnel; my ISP also doesn't allow running servers and blocks most ports (mainly mail server ports).

    I used this tutorial to get Acme working: https://youtu.be/5Frn96oADOU

    It works, but.... when connecting to my domain name on port 80 I see the error page "Maintenance" mentioned in the tutorial, so that's supposed to happen. When I connect through the WAN interface I also get the same page...

    The listening address in the frontend is set to "any" port 80 (I couldn't get it to work otherwise), and I have a FW rule: Source any, Port any, Destination VPN address, Interface VPN.

    Is there anything I missed or misconfigured?



  • @Stimpy68
    Sounds seemingly fine... but for sure I'm not gonna watch a 30 minute video that surely won't show what step you might have missed..

    So what 'maintenance' page are you getting? One from haproxy or from your actual website? What does it look like?

    Can you share the haproxy.cfg from the bottom of the settings tab of the haproxy package? Are stats configured? Does the webserver show as 'up'?



  • I got it working, used the virtual ip address of the VPN tunnel. Now the response only goes through the tunnel. So that issue is solved.



  • Okay, got it all working now, including SSL offloading. Only one thing I want to accomplish. I run a mail server suite (MailCow). When you go to mail.mydomain.net you land on the admin page and not the webmail client; that's on /webmail. Is there any way to do this in HAProxy? And of course, how? ;-)



  • @Stimpy68
    Try and put this setting in the frontend under "Advanced settings" in the textbox for "Advanced pass thru":

    http-request redirect location /webmail unless { path -i -m reg "^/webmail" }
    


  • @PiBa Thanks! I first placed it in the frontend, but then all my backend servers went to /webmail. I put it in actions in the backend server for my mailserver and it works like a charm!
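
The layout the thread ends up with, as an added haproxy.cfg sketch that is not taken from any poster's configuration: the frontend listens only on the VPN tunnel's virtual IP, and the redirect rule sits in the mail backend so other hosts served by the same frontend are unaffected. The section names, the 192.0.2.10 bind address and the 10.0.0.x server addresses are constructed placeholders.

```haproxy
# Added example; section names and all addresses are placeholders.

frontend www_vpn
    mode http
    # Bind to the VPN tunnel's virtual IP instead of "any", so the
    # frontend does not also answer on the WAN interface.
    bind 192.0.2.10:80

    # Pick the backend by Host header. No redirect rule here: an
    # http-request rule in the frontend is evaluated for every request,
    # whichever backend is selected afterwards.
    acl host_mail hdr(host) -i mail.mydomain.net
    use_backend mailcow if host_mail
    default_backend web

backend mailcow
    mode http
    # The rule from the thread, now scoped to the mail backend only.
    http-request redirect location /webmail unless { path -i -m reg "^/webmail" }
    server mailcow1 10.0.0.20:8080 check

backend web
    mode http
    server web1 10.0.0.30:80 check
```

If the rule has to stay in the frontend, the same scoping can be expressed with a host condition: `http-request redirect location /webmail if host_mail !{ path_beg -i /webmail }`.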

